twitterで @mikeda からこんなメンションきた。
どうやらこのエントリを読んでいただいたようですが、確かこれCentOS4.4の時代じゃなかったかなーと記憶してます。前職で急性胆嚢炎やっちまって入院だの自宅療養だのやってたときに書いた記憶だけが鮮明に残ってますが、CentOSだって6.0が出てProftpdもepelからインストールすると1.3.3eです。せっかくなのでアップデートしようかと。
※ 2015/11/07 追記
こちらに新しい記事がありますので、Googleなどから検索された方はこちらをどうぞ。
※注!
実はまだ作りかけで、パッケージは入ったはいいものの認証がうまくいってません!><
■ OSインストール
OSはCentOS6.0のBASEパッケージのみを選択してインストール。追加したパッケージは以下の通り。
ftp-0.17-51.1.el6.x86_64 gcc-4.4.4-13.el6.x86_64 gcc-c++-4.4.4-13.el6.x86_64 glibc-devel-2.12-1.7.el6_0.5.x86_64 glibc-headers-2.12-1.7.el6_0.5.x86_64 kernel-headers-2.6.32-71.29.1.el6.x86_64 keyutils-libs-devel-1.4-1.el6.x86_64 krb5-devel-1.8.2-3.el6_0.7.x86_64 libacl-devel-2.2.49-4.el6.x86_64 libattr-devel-2.4.44-4.el6.x86_64 libcap-devel-2.16-5.2.el6.x86_64 libcom_err-devel-1.41.12-3.el6.x86_64 libselinux-devel-2.0.94-2.el6.x86_64 libsepol-devel-2.0.41-3.el6.x86_64 libstdc++-devel-4.4.4-13.el6.x86_64 make-3.81-19.el6.x86_64 mysql-devel-5.1.52-1.el6_0.1.x86_64 mysql-server-5.1.52-1.el6_0.1.x86_64 ncurses-devel-5.7-3.20090208.el6.x86_64 openldap-devel-2.4.19-15.el6_0.2.x86_64 openssl-devel-1.0.0-4.el6_0.2.x86_64 pam-devel-1.1.1-4.el6_0.1.x86_64 patch-2.6-6.el6.x86_64 postgresql-devel-8.4.7-1.el6_0.1.x86_64 rpm-build-4.8.0-12.el6.x86_64 zlib-devel-1.2.3-25.el6.x86_64
■ epelリポジトリ インストール
[cc lang='text' ]
$ wget http://ftp.riken.jp/Linux/fedora/epel/6/x86_64/epel-release-6-5.noarch.rpm
$ sudo rpm -ivh epel-release-6-5.noarch.rpm
[/cc]
■ epelを一旦無効にする
[cc lang='text' ] $ sudo cp -p /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.orig $ sudo vi /etc/yum.repos.d/epel.repo $ diff /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.orig 6c6 < enabled=0 --- > enabled=1 [/cc]
■ proftpd proftpd-mysql インストール
[cc lang='text' ] $ sudo yum --enablerepo=epel install proftpd proftpd-mysql [/cc]
■ config作成
[cc lang='text' ] $ sudo cp -p /etc/proftpd.conf /etc/proftpd.conf.orig $ sudo vi /etc/proftpd.conf [/cc]
以下configファイル
[cc lang='text' ]
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off
PassivePorts 10000 10010
# Use this to excude users from the chroot
DefaultRoot ~ !adm
# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# Default to show dot files in directory listings
ListOptions "-a"
# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP
# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile no
# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score
# Normally, we want users to do a few things.
AllowOverwrite yes
AllowAll
# Define the log formats
LogFormat default "%h %l %u %t "%r" %s %b"
LogFormat auth "%v [%P] %h %t "%r" %s"
# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log
# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
LoadModule mod_sql.c
LoadModule mod_sql_mysql.c
# LoadModule mod_sql_postgres.c
ModulePath /usr/libexec/proftpd/
# A basic anonymous configuration, with an upload directory.
#
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# # Limit WRITE everywhere in the anonymous chroot
#
# DenyAll
#
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
#
# AllowOverwrite no
#
# DenyAll
#
#
#
# AllowAll
#
#
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#
ServerIdent on ""
RootLogin off
ListOptions "-la"
DefaultRoot ~ !wheel
RequireValidShell off
UseReverseDNS off
IdentLookups off
TimesGMT off
TimeoutIdle 600
TimeoutLogin 300
TimeoutNoTransfer 600
TimeoutStalled 600
ShowSymlinks on
MaxClientsPerHost 8
MaxHostsPerUser 2
LogFormat allinfo "%t : %u (%a [%h]) : [%s], %T, %m (%f)"
LogFormat write "%t : %u : %F (%a)"
LogFormat read "%t : %u : %F (%a)"
LogFormat auth "%t : %u (%a [%h])"
ExtendedLog /var/log/proftpd/all.log ALL allinfo
ExtendedLog /var/log/proftpd/write.log WRITE write
ExtendedLog /var/log/proftpd/read.log READ read
ExtendedLog /var/log/proftpd/auth.log AUTH auth
AllowOverwrite on
AllowStoreRestart on
AllowRetrieveRestart on
SQLAuthenticate users
#SQLAuthenticate on
SQLConnectInfo proftpd@localhost:3306 proftpd PASSWORD
#SQLAuthTypes Crypt
SQLAuthTypes Plaintext
SQLUserInfo users userid password uid gid homedir shell
SQLGroupInfo groups groupname gid members
#AuthOrder mod_sql.c
QuotaEngine on
QuotaLog /var/log/proftpd/quota-log
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/
insert-quota-tally
SQLNamedQuery get-quota-limit SELECT "userid, quota_type,
per_session, limit_type, bytes_in_avail, bytes_out_avail,
bytes_xfer_avail, files_in_avail, files_out_avail,
files_xfer_avail FROM quotalimits WHERE userid = '%{0}'
AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "userid, quota_type,
bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used,
files_out_used, files_xfer_used FROM quotatallies WHERE
userid = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used =
bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1},
bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used =
files_in_used + %{3}, files_out_used = files_out_used + %{4},
files_xfer_used = files_xfer_used + %{5} WHERE userid = '%{6}'
AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2},
%{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLock /tmp/proftpd-quota-lock
QuotaShowQuotas on
QuotaDisplayUnits Gb
QuotaDirectoryTally on
[/cc]
MySQLのスキーマを以下のように作ります。
[cc lang='text' ]
$ cat proftpd.schema
CREATE TABLE groups (
groupname VARCHAR(30) NOT NULL ,
gid SMALLINT(5) UNSIGNED NOT NULL DEFAULT 1000,
members varchar(255) default NULL,
PRIMARY KEY ( groupname ),
UNIQUE KEY gid (gid)
);
CREATE TABLE users (
userid varchar(30) NOT NULL,
password varchar(30) NOT NULL,
uid SMALLINT(5) UNSIGNED NOT NULL DEFAULT 1000,
gid SMALLINT(5) UNSIGNED NOT NULL DEFAULT 1000,
homedir varchar(255) default NULL,
shell varchar(255) default '/bin/true',
PRIMARY KEY (userid),
UNIQUE KEY uid (uid)
);
CREATE TABLE quotalimits (
userid VARCHAR(30) NOT NULL,
quota_type ENUM("user", "group", "class", "all") NOT NULL,
per_session ENUM("false", "true") DEFAULT 'true' NOT NULL,
limit_type ENUM("soft", "hard") DEFAULT 'soft' NOT NULL,
bytes_in_avail FLOAT DEFAULT '0' NOT NULL,
bytes_out_avail FLOAT DEFAULT '0' NOT NULL,
bytes_xfer_avail FLOAT DEFAULT '0' NOT NULL,
files_in_avail INT UNSIGNED DEFAULT '0' NOT NULL,
files_out_avail INT UNSIGNED DEFAULT '0' NOT NULL,
files_xfer_avail INT UNSIGNED DEFAULT '0' NOT NULL
);
CREATE TABLE quotatallies (
userid VARCHAR(30) NOT NULL,
quota_type ENUM("user", "group", "class", "all") DEFAULT 'user' NOT NULL,
bytes_in_used FLOAT DEFAULT '0' NOT NULL,
bytes_out_used FLOAT DEFAULT '0' NOT NULL,
bytes_xfer_used FLOAT DEFAULT '0' NOT NULL,
files_in_used INT UNSIGNED DEFAULT '0' NOT NULL,
files_out_used INT UNSIGNED DEFAULT '0' NOT NULL,
files_xfer_used INT UNSIGNED DEFAULT '0' NOT NULL
);
GRANT SELECT,UPDATE,INSERT ON proftpd.*
TO proftpd@localhost IDENTIFIED BY 'proftpd';
INSERT INTO groups VALUES ('testgroup',1000,'');
#INSERT INTO users VALUES (
# 'testuser',encrypt('testuser'),1001,1000,'/var/ftpdata','/bin/true');
INSERT INTO users VALUES (
'testuser','password',1001,1000,'/var/ftpdata','/bin/true');
INSERT INTO quotalimits VALUES (
'testuser','user','false','hard', 524288000,0,0,0,0,0);
[/cc]
ここまでできたら、あらかじめ「proftpd」データベースを作り、以下のコマンドでスキーマファイルからテーブル作成、データ投入を行います。
[cc lang='text' ] $ mysql -u root -p < proftpd.schema proftpd [/cc]
mysqldとproftpdを起動して繋がればOK!・・・のはずが、繋がらない(´・ω・`)
モジュールは読み込まれているんだけどなー。。。
[cc lang='text' ] $ sudo /usr/sbin/proftpd -vv ProFTPD Version: 1.3.3e (maint) Scoreboard Version: 01040003 Built: Thu Apr 7 2011 14:29:12 UTC Loaded modules: mod_sql_mysql/4.0.8 mod_sql/4.2.5 mod_lang/0.9 mod_ctrls/0.9.4 mod_cap/1.0 mod_vroot/0.9.2 mod_tls/2.4.2 mod_auth_pam/1.1 mod_readme.c mod_ident/1.0 mod_dso/0.5 mod_facts/0.1 mod_delay/0.6 mod_site.c mod_log.c mod_ls.c mod_auth.c mod_auth_file/0.8.3 mod_auth_unix.c mod_xfer.c mod_core.c [/cc]
